CVE-2014-8169
First published: Fri Feb 13 2015(Updated: )
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux HPC Node | =6.0 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| automount | =5.0.8 | |
| Open edX | =13.1 | |
| Open edX | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=1192565#c2
- https://access.redhat.com/support/policy/updates/errata/
- https://rhn.redhat.com/errata/RHSA-2015-1344.html
- https://rhn.redhat.com/errata/RHSA-2015-2417.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1192565
- http://lists.opensuse.org/opensuse-updates/2015-03/msg00033.html
- http://rhn.redhat.com/errata/RHSA-2015-1344.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html
- http://www.securityfocus.com/bid/73211
- http://www.ubuntu.com/usn/USN-2579-1
- https://bugzilla.suse.com/show_bug.cgi?id=917977
Frequently Asked Questions
What is the severity of CVE-2014-8169?
CVE-2014-8169 has a medium severity rating, allowing local users to gain elevated privileges.
How do I fix CVE-2014-8169?
To fix CVE-2014-8169, update the automount package to a version that addresses the vulnerability, such as 5.0.9 or later.
Which systems are affected by CVE-2014-8169?
CVE-2014-8169 affects Red Hat Enterprise Linux 6.0, openSUSE 13.1, and 13.2, among other versions.
What type of vulnerability is CVE-2014-8169?
CVE-2014-8169 is a local privilege escalation vulnerability that exploits environment variable handling.
Can remote attackers exploit CVE-2014-8169?
No, CVE-2014-8169 can only be exploited by local users on the affected systems.
- agent/type
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2014-8169
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux hpc node
- version/red hat enterprise linux hpc node/6.0
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- vendor/automount project
- canonical/automount
- version/automount/5.0.8
- vendor/opensuse
- canonical/open edx
- version/open edx/13.1
- version/open edx/13.2